France: National Commission on Informatics and Liberty closed case against KASPR following compliance with data deletion measures

On 4 March 2026, the National Commission on Informatics and Liberty (CNIL) closed its case concerning KASPR, a company managing a database of approximately 160 million contacts, after confirming compliance with its previous decision. The CNIL found that KASPR had fulfilled the obligations set out in Decision no. SAN-2024-020 by deleting the database, ceasing the extraction of contact details from LinkedIn, removing the automatic five-year retention renewal, implementing an email notification system in all EU official languages to allow data subjects to object, and responding to access requests from complainants. Consequently, the CNIL decided not to enforce the daily penalty of EUR 10,000 per day of delay specified in SAN-2024-020.